plaisthos has uploaded this change for review. ( http://gerrit.openvpn.net/c/openvpn/+/1465?usp=email )
Change subject: Require script-security 2 when using unix: tun ...................................................................... Require script-security 2 when using unix: tun Since this executes an executable from an arbitrary path, it should follow the same rules as other scripts/executable. Reported-By: Petr Simecek, Pavel Kohout and Stanislav Fort from Aisle Research Change-Id: I89dcab24ba510094ce1672e382960bf15def310a Signed-off-by: Arne Schwabe <[email protected]> --- M src/openvpn/tun_afunix.c 1 file changed, 4 insertions(+), 1 deletion(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/65/1465/1 diff --git a/src/openvpn/tun_afunix.c b/src/openvpn/tun_afunix.c index c410480..a67a472 100644 --- a/src/openvpn/tun_afunix.c +++ b/src/openvpn/tun_afunix.c @@ -61,7 +61,10 @@ argv_printf(&argv, "%s", program); - tt->afunix.childprocess = openvpn_execve_check(&argv, env, S_NOWAITPID, msgprefix); + /* exit when executing fails to easier spot errors here and treat this + * command like an external script */ + int flags = S_NOWAITPID | S_SCRIPT | S_FATAL; + tt->afunix.childprocess = openvpn_execve_check(&argv, env, flags, msgprefix); if (!openvpn_waitpid_check(tt->afunix.childprocess, msgprefix, M_WARN)) { tt->afunix.childprocess = 0; -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1465?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I89dcab24ba510094ce1672e382960bf15def310a Gerrit-Change-Number: 1465 Gerrit-PatchSet: 1 Gerrit-Owner: plaisthos <[email protected]> Gerrit-CC: openvpn-devel <[email protected]>
_______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
